1 /*
2 * Copyright 2004-2007 Juan Lang
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 */
18 #include <assert.h>
19 #include <stdarg.h>
20 #include "windef.h"
21 #include "winbase.h"
22 #include "wincrypt.h"
23 #include "winreg.h"
24 #include "winuser.h"
25 #include "wine/debug.h"
26 #include "crypt32_private.h"
27
28 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
29
30 typedef struct _WINE_HASH_TO_DELETE
31 {
32 BYTE hash[20];
33 struct list entry;
34 } WINE_HASH_TO_DELETE;
35
36 typedef struct _WINE_REGSTOREINFO
37 {
38 DWORD dwOpenFlags;
39 HCERTSTORE memStore;
40 HKEY key;
41 BOOL dirty;
42 CRITICAL_SECTION cs;
43 struct list certsToDelete;
44 struct list crlsToDelete;
45 struct list ctlsToDelete;
46 } WINE_REGSTOREINFO;
47
CRYPT_HashToStr(const BYTE * hash,LPWSTR asciiHash)48 static void CRYPT_HashToStr(const BYTE *hash, LPWSTR asciiHash)
49 {
50 static const WCHAR fmt[] = { '%','0','2','X',0 };
51 DWORD i;
52
53 assert(hash);
54 assert(asciiHash);
55
56 for (i = 0; i < 20; i++)
57 wsprintfW(asciiHash + i * 2, fmt, hash[i]);
58 }
59
60 static const WCHAR CertsW[] = { 'C','e','r','t','i','f','i','c','a','t','e','s',
61 0 };
62 static const WCHAR CRLsW[] = { 'C','R','L','s',0 };
63 static const WCHAR CTLsW[] = { 'C','T','L','s',0 };
64 static const WCHAR BlobW[] = { 'B','l','o','b',0 };
65
CRYPT_RegReadSerializedFromReg(HKEY key,DWORD contextType,HCERTSTORE store)66 static void CRYPT_RegReadSerializedFromReg(HKEY key, DWORD contextType,
67 HCERTSTORE store)
68 {
69 LONG rc;
70 DWORD index = 0;
71 WCHAR subKeyName[MAX_PATH];
72
73 do {
74 DWORD size = ARRAY_SIZE(subKeyName);
75
76 rc = RegEnumKeyExW(key, index++, subKeyName, &size, NULL, NULL, NULL,
77 NULL);
78 if (!rc)
79 {
80 HKEY subKey;
81
82 rc = RegOpenKeyExW(key, subKeyName, 0, KEY_READ, &subKey);
83 if (!rc)
84 {
85 LPBYTE buf = NULL;
86
87 size = 0;
88 rc = RegQueryValueExW(subKey, BlobW, NULL, NULL, NULL, &size);
89 if (!rc)
90 buf = CryptMemAlloc(size);
91 if (buf)
92 {
93 rc = RegQueryValueExW(subKey, BlobW, NULL, NULL, buf,
94 &size);
95 if (!rc)
96 {
97 const void *context;
98 DWORD addedType;
99
100 TRACE("Adding cert with hash %s\n",
101 debugstr_w(subKeyName));
102 context = CRYPT_ReadSerializedElement(buf, size,
103 contextType, &addedType);
104 if (context)
105 {
106 const WINE_CONTEXT_INTERFACE *contextInterface;
107 BYTE hash[20];
108
109 switch (addedType)
110 {
111 case CERT_STORE_CERTIFICATE_CONTEXT:
112 contextInterface = pCertInterface;
113 break;
114 case CERT_STORE_CRL_CONTEXT:
115 contextInterface = pCRLInterface;
116 break;
117 case CERT_STORE_CTL_CONTEXT:
118 contextInterface = pCTLInterface;
119 break;
120 default:
121 contextInterface = NULL;
122 }
123 if (contextInterface)
124 {
125 size = sizeof(hash);
126 if (contextInterface->getProp(context,
127 CERT_HASH_PROP_ID, hash, &size))
128 {
129 WCHAR asciiHash[20 * 2 + 1];
130
131 CRYPT_HashToStr(hash, asciiHash);
132 TRACE("comparing %s\n",
133 debugstr_w(asciiHash));
134 TRACE("with %s\n", debugstr_w(subKeyName));
135 if (!lstrcmpW(asciiHash, subKeyName))
136 {
137 TRACE("hash matches, adding\n");
138 contextInterface->addContextToStore(
139 store, context,
140 CERT_STORE_ADD_REPLACE_EXISTING, NULL);
141 }
142 else
143 TRACE("hash doesn't match, ignoring\n");
144 }
145 Context_Release(context_from_ptr(context));
146 }
147 }
148 }
149 CryptMemFree(buf);
150 }
151 RegCloseKey(subKey);
152 }
153 /* Ignore intermediate errors, continue enumerating */
154 rc = ERROR_SUCCESS;
155 }
156 } while (!rc);
157 }
158
CRYPT_RegReadFromReg(HKEY key,HCERTSTORE store)159 static void CRYPT_RegReadFromReg(HKEY key, HCERTSTORE store)
160 {
161 static const WCHAR * const subKeys[] = { CertsW, CRLsW, CTLsW };
162 static const DWORD contextFlags[] = { CERT_STORE_CERTIFICATE_CONTEXT_FLAG,
163 CERT_STORE_CRL_CONTEXT_FLAG, CERT_STORE_CTL_CONTEXT_FLAG };
164 DWORD i;
165
166 for (i = 0; i < ARRAY_SIZE(subKeys); i++)
167 {
168 HKEY hKey;
169 LONG rc;
170
171 rc = RegCreateKeyExW(key, subKeys[i], 0, NULL, 0, KEY_READ, NULL,
172 &hKey, NULL);
173 if (!rc)
174 {
175 CRYPT_RegReadSerializedFromReg(hKey, contextFlags[i], store);
176 RegCloseKey(hKey);
177 }
178 }
179 }
180
181 /* Hash is assumed to be 20 bytes in length (a SHA-1 hash) */
CRYPT_WriteSerializedToReg(HKEY key,DWORD flags,const BYTE * hash,const BYTE * buf,DWORD len)182 static BOOL CRYPT_WriteSerializedToReg(HKEY key, DWORD flags, const BYTE *hash, const BYTE *buf,
183 DWORD len)
184 {
185 WCHAR asciiHash[20 * 2 + 1];
186 LONG rc;
187 HKEY subKey;
188 BOOL ret;
189
190 CRYPT_HashToStr(hash, asciiHash);
191 rc = RegCreateKeyExW(key, asciiHash, 0, NULL, flags, KEY_ALL_ACCESS, NULL,
192 &subKey, NULL);
193 if (!rc)
194 {
195 rc = RegSetValueExW(subKey, BlobW, 0, REG_BINARY, buf, len);
196 RegCloseKey(subKey);
197 }
198 if (!rc)
199 ret = TRUE;
200 else
201 {
202 SetLastError(rc);
203 ret = FALSE;
204 }
205 return ret;
206 }
207
CRYPT_SerializeContextsToReg(HKEY key,DWORD flags,const WINE_CONTEXT_INTERFACE * contextInterface,HCERTSTORE memStore)208 BOOL CRYPT_SerializeContextsToReg(HKEY key, DWORD flags,
209 const WINE_CONTEXT_INTERFACE *contextInterface, HCERTSTORE memStore)
210 {
211 const void *context = NULL;
212 BOOL ret;
213
214 do {
215 context = contextInterface->enumContextsInStore(memStore, context);
216 if (context)
217 {
218 BYTE hash[20];
219 DWORD hashSize = sizeof(hash);
220
221 ret = contextInterface->getProp(context, CERT_HASH_PROP_ID, hash,
222 &hashSize);
223 if (ret)
224 {
225 DWORD size = 0;
226 LPBYTE buf = NULL;
227
228 ret = contextInterface->serialize(context, 0, NULL, &size);
229 if (size)
230 buf = CryptMemAlloc(size);
231 if (buf)
232 {
233 ret = contextInterface->serialize(context, 0, buf, &size);
234 if (ret)
235 ret = CRYPT_WriteSerializedToReg(key, flags, hash, buf, size);
236 }
237 CryptMemFree(buf);
238 }
239 }
240 else
241 ret = TRUE;
242 } while (ret && context != NULL);
243 if (context)
244 Context_Release(context_from_ptr(context));
245 return ret;
246 }
247
CRYPT_RegWriteToReg(WINE_REGSTOREINFO * store)248 static BOOL CRYPT_RegWriteToReg(WINE_REGSTOREINFO *store)
249 {
250 static const WCHAR * const subKeys[] = { CertsW, CRLsW, CTLsW };
251 const WINE_CONTEXT_INTERFACE * const interfaces[] = { pCertInterface,
252 pCRLInterface, pCTLInterface };
253 struct list *listToDelete[] = { &store->certsToDelete, &store->crlsToDelete,
254 &store->ctlsToDelete };
255 BOOL ret = TRUE;
256 DWORD i;
257
258 for (i = 0; ret && i < ARRAY_SIZE(subKeys); i++)
259 {
260 HKEY key;
261 LONG rc = RegCreateKeyExW(store->key, subKeys[i], 0, NULL, 0,
262 KEY_ALL_ACCESS, NULL, &key, NULL);
263
264 if (!rc)
265 {
266 if (listToDelete[i])
267 {
268 WINE_HASH_TO_DELETE *toDelete, *next;
269 WCHAR asciiHash[20 * 2 + 1];
270
271 EnterCriticalSection(&store->cs);
272 LIST_FOR_EACH_ENTRY_SAFE(toDelete, next, listToDelete[i],
273 WINE_HASH_TO_DELETE, entry)
274 {
275 LONG rc;
276
277 CRYPT_HashToStr(toDelete->hash, asciiHash);
278 TRACE("Removing %s\n", debugstr_w(asciiHash));
279 rc = RegDeleteKeyW(key, asciiHash);
280 if (rc != ERROR_SUCCESS && rc != ERROR_FILE_NOT_FOUND)
281 {
282 SetLastError(rc);
283 ret = FALSE;
284 }
285 list_remove(&toDelete->entry);
286 CryptMemFree(toDelete);
287 }
288 LeaveCriticalSection(&store->cs);
289 }
290 ret = CRYPT_SerializeContextsToReg(key, 0, interfaces[i], store->memStore);
291 RegCloseKey(key);
292 }
293 else
294 {
295 SetLastError(rc);
296 ret = FALSE;
297 }
298 }
299 return ret;
300 }
301
302 /* If force is true or the registry store is dirty, writes the contents of the
303 * store to the registry.
304 */
CRYPT_RegFlushStore(WINE_REGSTOREINFO * store,BOOL force)305 static BOOL CRYPT_RegFlushStore(WINE_REGSTOREINFO *store, BOOL force)
306 {
307 BOOL ret;
308
309 TRACE("(%p, %d)\n", store, force);
310
311 if (store->dirty || force)
312 {
313 ret = CRYPT_RegWriteToReg(store);
314 if (ret)
315 store->dirty = FALSE;
316 }
317 else
318 ret = TRUE;
319 return ret;
320 }
321
CRYPT_RegCloseStore(HCERTSTORE hCertStore,DWORD dwFlags)322 static void WINAPI CRYPT_RegCloseStore(HCERTSTORE hCertStore, DWORD dwFlags)
323 {
324 WINE_REGSTOREINFO *store = hCertStore;
325
326 TRACE("(%p, %08x)\n", store, dwFlags);
327 if (dwFlags)
328 FIXME("Unimplemented flags: %08x\n", dwFlags);
329
330 CRYPT_RegFlushStore(store, FALSE);
331 RegCloseKey(store->key);
332 store->cs.DebugInfo->Spare[0] = 0;
333 DeleteCriticalSection(&store->cs);
334 CryptMemFree(store);
335 }
336
CRYPT_RegWriteContext(WINE_REGSTOREINFO * store,const void * context,DWORD dwFlags)337 static BOOL CRYPT_RegWriteContext(WINE_REGSTOREINFO *store,
338 const void *context, DWORD dwFlags)
339 {
340 BOOL ret;
341
342 if (dwFlags & CERT_STORE_PROV_WRITE_ADD_FLAG)
343 {
344 store->dirty = TRUE;
345 ret = TRUE;
346 }
347 else
348 ret = FALSE;
349 return ret;
350 }
351
CRYPT_RegDeleteContext(WINE_REGSTOREINFO * store,struct list * deleteList,const void * context,const WINE_CONTEXT_INTERFACE * contextInterface)352 static BOOL CRYPT_RegDeleteContext(WINE_REGSTOREINFO *store,
353 struct list *deleteList, const void *context,
354 const WINE_CONTEXT_INTERFACE *contextInterface)
355 {
356 BOOL ret;
357
358 if (store->dwOpenFlags & CERT_STORE_READONLY_FLAG)
359 {
360 SetLastError(ERROR_ACCESS_DENIED);
361 ret = FALSE;
362 }
363 else
364 {
365 WINE_HASH_TO_DELETE *toDelete = CryptMemAlloc(sizeof(WINE_HASH_TO_DELETE));
366
367 if (toDelete)
368 {
369 DWORD size = sizeof(toDelete->hash);
370
371 ret = contextInterface->getProp(context, CERT_HASH_PROP_ID,
372 toDelete->hash, &size);
373 if (ret)
374 {
375 EnterCriticalSection(&store->cs);
376 list_add_tail(deleteList, &toDelete->entry);
377 LeaveCriticalSection(&store->cs);
378 }
379 else
380 {
381 CryptMemFree(toDelete);
382 ret = FALSE;
383 }
384 }
385 else
386 ret = FALSE;
387 if (ret)
388 store->dirty = TRUE;
389 }
390 return ret;
391 }
392
CRYPT_RegWriteCert(HCERTSTORE hCertStore,PCCERT_CONTEXT cert,DWORD dwFlags)393 static BOOL WINAPI CRYPT_RegWriteCert(HCERTSTORE hCertStore,
394 PCCERT_CONTEXT cert, DWORD dwFlags)
395 {
396 WINE_REGSTOREINFO *store = hCertStore;
397
398 TRACE("(%p, %p, %d)\n", hCertStore, cert, dwFlags);
399
400 return CRYPT_RegWriteContext(store, cert, dwFlags);
401 }
402
CRYPT_RegDeleteCert(HCERTSTORE hCertStore,PCCERT_CONTEXT pCertContext,DWORD dwFlags)403 static BOOL WINAPI CRYPT_RegDeleteCert(HCERTSTORE hCertStore,
404 PCCERT_CONTEXT pCertContext, DWORD dwFlags)
405 {
406 WINE_REGSTOREINFO *store = hCertStore;
407
408 TRACE("(%p, %p, %08x)\n", store, pCertContext, dwFlags);
409
410 return CRYPT_RegDeleteContext(store, &store->certsToDelete, pCertContext,
411 pCertInterface);
412 }
413
CRYPT_RegWriteCRL(HCERTSTORE hCertStore,PCCRL_CONTEXT crl,DWORD dwFlags)414 static BOOL WINAPI CRYPT_RegWriteCRL(HCERTSTORE hCertStore,
415 PCCRL_CONTEXT crl, DWORD dwFlags)
416 {
417 WINE_REGSTOREINFO *store = hCertStore;
418
419 TRACE("(%p, %p, %d)\n", hCertStore, crl, dwFlags);
420
421 return CRYPT_RegWriteContext(store, crl, dwFlags);
422 }
423
CRYPT_RegDeleteCRL(HCERTSTORE hCertStore,PCCRL_CONTEXT pCrlContext,DWORD dwFlags)424 static BOOL WINAPI CRYPT_RegDeleteCRL(HCERTSTORE hCertStore,
425 PCCRL_CONTEXT pCrlContext, DWORD dwFlags)
426 {
427 WINE_REGSTOREINFO *store = hCertStore;
428
429 TRACE("(%p, %p, %08x)\n", store, pCrlContext, dwFlags);
430
431 return CRYPT_RegDeleteContext(store, &store->crlsToDelete, pCrlContext,
432 pCRLInterface);
433 }
434
CRYPT_RegWriteCTL(HCERTSTORE hCertStore,PCCTL_CONTEXT ctl,DWORD dwFlags)435 static BOOL WINAPI CRYPT_RegWriteCTL(HCERTSTORE hCertStore,
436 PCCTL_CONTEXT ctl, DWORD dwFlags)
437 {
438 WINE_REGSTOREINFO *store = hCertStore;
439
440 TRACE("(%p, %p, %d)\n", hCertStore, ctl, dwFlags);
441
442 return CRYPT_RegWriteContext(store, ctl, dwFlags);
443 }
444
CRYPT_RegDeleteCTL(HCERTSTORE hCertStore,PCCTL_CONTEXT pCtlContext,DWORD dwFlags)445 static BOOL WINAPI CRYPT_RegDeleteCTL(HCERTSTORE hCertStore,
446 PCCTL_CONTEXT pCtlContext, DWORD dwFlags)
447 {
448 WINE_REGSTOREINFO *store = hCertStore;
449
450 TRACE("(%p, %p, %08x)\n", store, pCtlContext, dwFlags);
451
452 return CRYPT_RegDeleteContext(store, &store->ctlsToDelete, pCtlContext,
453 pCTLInterface);
454 }
455
CRYPT_RegControl(HCERTSTORE hCertStore,DWORD dwFlags,DWORD dwCtrlType,void const * pvCtrlPara)456 static BOOL WINAPI CRYPT_RegControl(HCERTSTORE hCertStore, DWORD dwFlags,
457 DWORD dwCtrlType, void const *pvCtrlPara)
458 {
459 WINE_REGSTOREINFO *store = hCertStore;
460 BOOL ret = TRUE;
461
462 TRACE("(%p, %08x, %d, %p)\n", hCertStore, dwFlags, dwCtrlType,
463 pvCtrlPara);
464
465 switch (dwCtrlType)
466 {
467 case CERT_STORE_CTRL_RESYNC:
468 {
469 HCERTSTORE memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
470 CERT_STORE_CREATE_NEW_FLAG, NULL);
471
472 CRYPT_RegFlushStore(store, FALSE);
473 CRYPT_RegReadFromReg(store->key, memStore);
474 I_CertUpdateStore(store->memStore, memStore, 0, 0);
475 CertCloseStore(memStore, 0);
476 break;
477 }
478 case CERT_STORE_CTRL_COMMIT:
479 ret = CRYPT_RegFlushStore(store,
480 dwFlags & CERT_STORE_CTRL_COMMIT_FORCE_FLAG);
481 break;
482 case CERT_STORE_CTRL_AUTO_RESYNC:
483 FIXME("CERT_STORE_CTRL_AUTO_RESYNC: stub\n");
484 break;
485 case CERT_STORE_CTRL_NOTIFY_CHANGE:
486 FIXME("CERT_STORE_CTRL_NOTIFY_CHANGE: stub\n");
487 break;
488 default:
489 FIXME("%u: stub\n", dwCtrlType);
490 ret = FALSE;
491 }
492 return ret;
493 }
494
495 static void *regProvFuncs[] = {
496 CRYPT_RegCloseStore,
497 NULL, /* CERT_STORE_PROV_READ_CERT_FUNC */
498 CRYPT_RegWriteCert,
499 CRYPT_RegDeleteCert,
500 NULL, /* CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC */
501 NULL, /* CERT_STORE_PROV_READ_CRL_FUNC */
502 CRYPT_RegWriteCRL,
503 CRYPT_RegDeleteCRL,
504 NULL, /* CERT_STORE_PROV_SET_CRL_PROPERTY_FUNC */
505 NULL, /* CERT_STORE_PROV_READ_CTL_FUNC */
506 CRYPT_RegWriteCTL,
507 CRYPT_RegDeleteCTL,
508 NULL, /* CERT_STORE_PROV_SET_CTL_PROPERTY_FUNC */
509 CRYPT_RegControl,
510 };
511
CRYPT_RegOpenStore(HCRYPTPROV hCryptProv,DWORD dwFlags,const void * pvPara)512 WINECRYPT_CERTSTORE *CRYPT_RegOpenStore(HCRYPTPROV hCryptProv, DWORD dwFlags,
513 const void *pvPara)
514 {
515 WINECRYPT_CERTSTORE *store = NULL;
516
517 TRACE("(%ld, %08x, %p)\n", hCryptProv, dwFlags, pvPara);
518
519 if (dwFlags & CERT_STORE_DELETE_FLAG)
520 {
521 DWORD rc = RegDeleteTreeW((HKEY)pvPara, CertsW);
522
523 if (rc == ERROR_SUCCESS || rc == ERROR_NO_MORE_ITEMS)
524 rc = RegDeleteTreeW((HKEY)pvPara, CRLsW);
525 if (rc == ERROR_SUCCESS || rc == ERROR_NO_MORE_ITEMS)
526 rc = RegDeleteTreeW((HKEY)pvPara, CTLsW);
527 if (rc == ERROR_NO_MORE_ITEMS)
528 rc = ERROR_SUCCESS;
529 SetLastError(rc);
530 }
531 else
532 {
533 HKEY key;
534
535 if (DuplicateHandle(GetCurrentProcess(), (HANDLE)pvPara,
536 GetCurrentProcess(), (LPHANDLE)&key,
537 dwFlags & CERT_STORE_READONLY_FLAG ? KEY_READ : KEY_ALL_ACCESS,
538 TRUE, 0))
539 {
540 WINECRYPT_CERTSTORE *memStore;
541
542 memStore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, hCryptProv,
543 CERT_STORE_CREATE_NEW_FLAG, NULL);
544 if (memStore)
545 {
546 WINE_REGSTOREINFO *regInfo = CryptMemAlloc(
547 sizeof(WINE_REGSTOREINFO));
548
549 if (regInfo)
550 {
551 CERT_STORE_PROV_INFO provInfo = { 0 };
552
553 regInfo->dwOpenFlags = dwFlags;
554 regInfo->memStore = memStore;
555 regInfo->key = key;
556 InitializeCriticalSection(®Info->cs);
557 regInfo->cs.DebugInfo->Spare[0] = (DWORD_PTR)(__FILE__ ": PWINE_REGSTOREINFO->cs");
558 list_init(®Info->certsToDelete);
559 list_init(®Info->crlsToDelete);
560 list_init(®Info->ctlsToDelete);
561 CRYPT_RegReadFromReg(regInfo->key, regInfo->memStore);
562 regInfo->dirty = FALSE;
563 provInfo.cbSize = sizeof(provInfo);
564 provInfo.cStoreProvFunc = ARRAY_SIZE(regProvFuncs);
565 provInfo.rgpvStoreProvFunc = regProvFuncs;
566 provInfo.hStoreProv = regInfo;
567 store = CRYPT_ProvCreateStore(dwFlags, memStore, &provInfo);
568 /* Reg store doesn't need crypto provider, so close it */
569 if (hCryptProv &&
570 !(dwFlags & CERT_STORE_NO_CRYPT_RELEASE_FLAG))
571 CryptReleaseContext(hCryptProv, 0);
572 }
573 }
574 }
575 }
576 TRACE("returning %p\n", store);
577 return store;
578 }
579